Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-3520 |
Description: The Avatar plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 0.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
CVSS: HIGH (8.1) EPSS Score: 0.51%
April 18th, 2025 (about 2 months ago)
|
|
CVE-2025-39594 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Arigato Autoresponder and Newsletter allows Reflected XSS. This issue affects Arigato Autoresponder and Newsletter: from n/a through 2.7.2.4.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 17th, 2025 (about 2 months ago)
|
|
CVE-2025-39586 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid : from n/a through 5.9.4.8.
CVSS: HIGH (8.5) EPSS Score: 0.03%
April 17th, 2025 (about 2 months ago)
|
|
CVE-2025-39583 |
Description: Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI: from n/a through 1.12.10.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 17th, 2025 (about 2 months ago)
|
|
CVE-2025-39569 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in taskbuilder Taskbuilder allows Blind SQL Injection. This issue affects Taskbuilder: from n/a through 4.0.1.
CVSS: HIGH (8.5) EPSS Score: 0.03%
April 17th, 2025 (about 2 months ago)
|
|
CVE-2025-39568 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arture B.V. StoreContrl Woocommerce allows Path Traversal. This issue affects StoreContrl Woocommerce: from n/a through 4.1.3.
CVSS: HIGH (7.5) EPSS Score: 0.06%
April 17th, 2025 (about 2 months ago)
|
|
CVE-2025-39567 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free allows Reflected XSS. This issue affects Web Directory Free: from n/a through 1.7.8.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 17th, 2025 (about 2 months ago)
|
|
CVE-2025-39558 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks allows Reflected XSS. This issue affects CRM Perks: from n/a through 1.1.7.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 17th, 2025 (about 2 months ago)
|
|
CVE-2025-39542 |
Description: Incorrect Privilege Assignment vulnerability in Jauhari Xelion Xelion Webchat allows Privilege Escalation. This issue affects Xelion Webchat: from n/a through 9.1.0.
CVSS: HIGH (8.8) EPSS Score: 0.04%
April 17th, 2025 (about 2 months ago)
|
|
CVE-2025-39535 |
Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos allows Authentication Abuse. This issue affects Vitepos: from n/a through 3.1.7.
CVSS: HIGH (7.2) EPSS Score: 0.06%
April 17th, 2025 (about 2 months ago)
|